﻿@model SF.Module.SimpleAuth.ViewModels.HashPasswordViewModel


@{
    ViewData["Title"] = "Password Hasher";
}

<h2>@ViewData["Title"]</h2>


    <h4>Hash Password Form</h4>
    <p>
        Simple auth user account information is stored in a simple json file. You could define users with clear text passwords, 
        but that means anyone who can access the file, such as employees at your web host etc, could access your password.
        It would be better to store the passwords as hashed since it would be extremely difficult if not impossible for someone to
        determine the password from the hash. This utility uses the ASP.NET Identity PasswordHasher to generate the hashes.
        Hashes are one way encryption, they are designed to be impossible to decrypt. 
        When you login, the password you enter is hashed and validated against the hash in storage, and if it matches authorization is granted.
    </p>
    <p>
        Note however, that if you enter the same password into the hash generator, a different hash will be generated each time, so it is not possible
        to just try generating hashes to see if it matches a hash that has been leaked. This makes it very hard for a hacker to get your password from 
        the hash even if he manages to find out the hash. There is a complex algorythm with 
        <a href="https://en.wikipedia.org/wiki/Salt_%28cryptography%29">salt added</a> to make sure the hashes are not deterministic.
    </p>
    <p>
        Keep in mind that use of this utility should only be done either from a localhost installation, or from an SSL/TLS protected endpoint.
        Don't hash your password while using public wifi.
    </p>
    <p>
        Don't use a password that is the same or following any pattern similar to your other passwords at other web sites. 
        If you do that and a hacker manages to get your password from any site, he can try to guess passwords for your other website accounts.
    </p>
    <p>
        Be sure to use a password of at least 8 characters, more is better, and use upper and lower case letters as well as numbers and 
        special characters to make sure you start with a strong password. Don't use dictionary words. We are not masking the password here so make sure no-one is 
        <a href="https://en.wikipedia.org/wiki/Shoulder_surfing_%28computer_security%29">shoulder surfing</a> when you create your password hash.
    </p>
    <p>
        <b>Once all your users have generated their hashes and their hashes have been added to the simpleauthsettings.json file, you probably should disable this page by setting
            EnablePasswordHasherUi as false. 
        </b>
    </p>
    <hr />
<form asp-controller="Login" asp-action="HashPassword" method="post"  role="form">
    <div class="form-group">
        <label asp-for="InputPassword" ></label>
        <div>
            <input asp-for="InputPassword" class="form-control" />
            <span asp-validation-for="InputPassword" class="text-danger"></span>
        </div>
    </div>
    @if (Model.OutputHash.Length > 0)
    {

        <div class="form-group">
            <label asp-for="OutputHash" ></label>
            <div>
                <textarea style="width:100%;"  rows="3">@Model.OutputHash</textarea>

            </div>
        </div>

    }


    <div class="form-group">
        <div >
            <input type="submit" value="Make Hash" class="btn btn-default" />
        </div>
    </div>
</form>